[Secure-testing-commits] r42385 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jun 7 21:10:12 UTC 2016


Author: sectracker
Date: 2016-06-07 21:10:12 +0000 (Tue, 07 Jun 2016)
New Revision: 42385

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-07 20:33:42 UTC (rev 42384)
+++ data/CVE/list	2016-06-07 21:10:12 UTC (rev 42385)
@@ -1,3 +1,93 @@
+CVE-2016-5324
+	RESERVED
+CVE-2016-5323
+	RESERVED
+CVE-2016-5322
+	RESERVED
+CVE-2016-5321
+	RESERVED
+CVE-2016-5320
+	RESERVED
+CVE-2016-5317
+	RESERVED
+CVE-2016-5316
+	RESERVED
+CVE-2016-5315
+	RESERVED
+CVE-2016-5314
+	RESERVED
+CVE-2016-5313
+	RESERVED
+CVE-2016-5312
+	RESERVED
+CVE-2016-5311
+	RESERVED
+CVE-2016-5310
+	RESERVED
+CVE-2016-5309
+	RESERVED
+CVE-2016-5308
+	RESERVED
+CVE-2016-5307
+	RESERVED
+CVE-2016-5306
+	RESERVED
+CVE-2016-5305
+	RESERVED
+CVE-2016-5304
+	RESERVED
+CVE-2016-5303
+	RESERVED
+CVE-2016-5302
+	RESERVED
+CVE-2015-8913
+	RESERVED
+CVE-2015-8912
+	RESERVED
+CVE-2015-8911
+	RESERVED
+CVE-2015-8910
+	RESERVED
+CVE-2015-8909
+	RESERVED
+CVE-2015-8908
+	RESERVED
+CVE-2015-8907
+	RESERVED
+CVE-2015-8906
+	RESERVED
+CVE-2015-8905
+	RESERVED
+CVE-2015-8904
+	RESERVED
+CVE-2015-1000013
+	RESERVED
+CVE-2015-1000012
+	RESERVED
+CVE-2015-1000011
+	RESERVED
+CVE-2015-1000010
+	RESERVED
+CVE-2015-1000009
+	RESERVED
+CVE-2015-1000008
+	RESERVED
+CVE-2015-1000007
+	RESERVED
+CVE-2015-1000006
+	RESERVED
+CVE-2015-1000005
+	RESERVED
+CVE-2015-1000004
+	RESERVED
+CVE-2015-1000003
+	RESERVED
+CVE-2015-1000002
+	RESERVED
+CVE-2015-1000001
+	RESERVED
+CVE-2015-1000000
+	RESERVED
 CVE-2016-5299
 	RESERVED
 CVE-2016-5298
@@ -109,6 +199,7 @@
 CVE-2016-5245
 	RESERVED
 CVE-2016-4456 [GNUTLS-SA-2016-1]
+	RESERVED
 	- gnutls28 3.4.13-1
 	[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
 	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
@@ -130,9 +221,11 @@
 CVE-2014-9855
 	RESERVED
 CVE-2016-5319 [bmp2tiff: PackBitsEncode heap buffer overflow]
+	RESERVED
 	- tiff <unfixed>
 	- tiff3 <removed>
 CVE-2016-5318 [thumbnail: stack buffer overflow in _TIFFVGetField function]
+	RESERVED
 	- tiff <unfixed>
 	- tiff3 <removed>
 	NOTE: Upstream will remove thumbnail from 4.0.7 release
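Review bot: CVE-2016-5319 and CVE-2016-5318 keep their position after CVE-2014-9855, while the block this commit adds at the top of the file runs from CVE-2016-5320 straight to CVE-2016-5317. Consider moving both entries into that gap so the list reads in id order and the two tiff issues sit where a reader scanning by number expects them.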
@@ -143,6 +236,7 @@
 	NOTE: https://github.com/arvidn/libtorrent/pull/782
 CVE-2016-5300 [use of too little entropy]
 	RESERVED
+	{DSA-3597-1}
 	- expat 2.1.1-3
 CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
 	RESERVED
@@ -152,8 +246,7 @@
 	RESERVED
 	- linux <unfixed>
 	NOTE: https://patchwork.ozlabs.org/patch/629100/
-CVE-2016-5242 [arm: Host crash caused by VMID exhaustion]
-	RESERVED
+CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...)
 	- xen <unfixed>
 	[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
 	NOTE: http://xenbits.xen.org/xsa/advisory-181.html
@@ -795,6 +888,7 @@
 	RESERVED
 CVE-2016-5108 [crash and potential code execution when processing QuickTime IMA files]
 	RESERVED
+	{DSA-3598-1}
 	- vlc 2.2.3-2 (bug #825728)
 	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
 	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
@@ -1214,13 +1308,11 @@
 	- onionshare 0.8.1-2 (unimportant)
 	[jessie] - onionshare <not-affected> (Vulnerable code not present)
 	NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
-CVE-2016-4963 [Unsanitised driver domain input in libxl device handling]
-	RESERVED
+CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local OS guest ...)
 	- xen <unfixed>
 	[jessie] - xen <no-dsa> (Minor issue, too intrusive to backport)
 	NOTE: http://xenbits.xen.org/xsa/advisory-178.html
-CVE-2016-4962 [Unsanitised guest input in libxl device handling code]
-	RESERVED
+CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local OS ...)
 	- xen <unfixed>
 	[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
 	NOTE: http://xenbits.xen.org/xsa/advisory-175.html
@@ -2619,8 +2711,7 @@
 CVE-2016-4451
 	RESERVED
 	- foreman <itp> (bug #663101)
-CVE-2016-4450
-	RESERVED
+CVE-2016-4450 (os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 ...)
 	{DSA-3592-1}
 	- nginx 1.10.1-1 (bug #825960)
 	[wheezy] - nginx <not-affected> (Introduced in 1.3.9)
@@ -2680,8 +2771,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
 CVE-2016-4438
 	RESERVED
-CVE-2016-4437 [information disclosure]
-	RESERVED
+CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been configured ...)
 	- shiro <unfixed> (bug #826653)
 	[jessie] - shiro <no-dsa> (Minor issue)
 CVE-2016-4436
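Review bot: on CVE-2016-4437 the placeholder title "[information disclosure]" is replaced by a description that opens with "Apache Shiro before 1.2.5, when a cipher key has not been configured ...", but the jessie line still carries "<no-dsa> (Minor issue)" from the earlier triage. The description is truncated here, so read the full text and confirm the no-dsa decision still holds, or add a NOTE recording why it does.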
@@ -8535,8 +8625,7 @@
 	RESERVED
 CVE-2016-2336
 	RESERVED
-CVE-2016-2335 [Out-of-bounds read vuilerability]
-	RESERVED
+CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...)
 	- p7zip 15.14.1+dfsg-2 (bug #824160)
 	NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
 CVE-2016-2334 [Heap-buffer-overflow vulnerability]
@@ -8613,7 +8702,7 @@
 	- librsvg 2.40.12-1
 	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12)
 CVE-2016-4347
-	RESERVED
+	REJECTED
 	NOTE: Will be rejected
 CVE-2016-4346 (Integer overflow in the str_pad function in ext/standard/string.c in ...)
 	- php7.0 7.0.4-1
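Review bot: CVE-2016-4347 now reads REJECTED, yet the context line directly below still says "NOTE: Will be rejected". Drop that NOTE or reword it to say the rejection has happened, so the entry does not describe a pending state.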
@@ -16693,6 +16782,7 @@
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
 CVE-2012-6702 [unanticipated internal calls to srand]
 	RESERVED
+	{DSA-3597-1}
 	- expat 2.1.1-3
 CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows ...)
 	- linux <not-affected> (Fixed in v3.2.19; which was before src:linux rename)
@@ -26451,8 +26541,7 @@
 	NOT-FOR-US: IBM Security Guardium
 CVE-2015-5042 (IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, ...)
 	TODO: check
-CVE-2015-5041
-	RESERVED
+CVE-2015-5041 (The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 ...)
 	NOT-FOR-US: IBM JDK
 CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
 	NOT-FOR-US: IBM Domino
@@ -29335,7 +29424,7 @@
 	NOTE: https://lkml.org/lkml/2015/5/13/744
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
-	{DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-303-1 DLA-247-1}
+	{DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-507-1 DLA-303-1 DLA-247-1}
 	- openssl 1.0.2b-1
 	- nss 2:3.19.1-1
 	[squeeze] - nss <no-dsa> (no point in switching min key size so close to EOL)



